Family Business Focus — Risk | Part 4 in the Family Business Focus Video Series
Risk is unavoidable—but preparation can determine whether a family enterprise weathers disruption or is defined by it.
In Part 4 of the Family Business Focus video series, Kirsten Vosen, U.S. Deloitte Private Audit and Assurance Leader, sits down with Laura Pearson, Deloitte Private’s U.S. Family Enterprise Leader, to explore how family businesses can strengthen their approach to risk management. From enterprise-wide frameworks and internal controls to defining risk appetite and conducting crisis simulations, this episode provides practical guidance to help family enterprises anticipate threats, protect their legacy, and navigate uncertainty with confidence.
Kirsten Vosen [00:00:12]
Hi, I’m Kirsten Vosen, U.S. Deloitte Private Audit and Assurance Leader. Welcome to Family Business Focus, where we cover topics of interest to family businesses. Throughout this series, we’ve been speaking with Laura Pearson, Deloitte Private’s U.S. Family Enterprise Leader. Today, Laura and I will discuss risk as it relates to family enterprises. Laura, welcome.
Laura Pearson [00:00:32]
Thanks, Kirsten. It’s great to be here with you again.
Kirsten Vosen [00:00:36]
When people think of risk, they often focus on cybersecurity. But there are many other risks—such as brand reputation crises or unauthorized access to sensitive data. Which risks are most important for family businesses to focus on?
Laura Pearson [00:00:51]
As you said, risk is abundant and a normal part of business operations, and it’s impossible to anticipate every possible scenario. Instead, I advise companies to consider potential outcomes. For example: What would the business do if systems were down for three days due to an attack? What if intellectual property were compromised?
Organizations need contingency plans for these possibilities. A leading practice is adopting a top-down enterprise risk management (ERM) approach, where risk intelligence is integrated across the organization—from strategy setting to business planning to performance management. Risk awareness should be embedded throughout the entire enterprise.
Kirsten Vosen [00:01:40]
One important element of enterprise risk management is internal controls. How can internal controls help family businesses manage risk in their day-to-day operations?
Laura Pearson [00:01:50]
I’m glad you asked, because there’s a misconception that internal controls aren’t necessary for family businesses due to fewer reporting requirements and less external oversight than public companies. But that’s simply not true.
Strong internal controls can be extremely valuable. They help detect losses and inefficiencies and enable better decision-making and agility. When designing controls, family businesses should implement both preventive and detective measures across three areas: people, processes, and technology.
Kirsten Vosen [00:02:31]
Based on your experience working with family businesses, how prepared are they for today’s evolving risk environment?
Laura Pearson [00:02:39]
In a recent Deloitte webcast—where most attendees were from private or family-owned businesses—only 9% of respondents rated their enterprise risk management programs as highly effective. At the same time, many organizations haven’t adopted vendor security protocols or appointed dedicated chief information security officers. So there’s definitely room for improvement.
Kirsten Vosen [00:03:08]
Once a family enterprise has a risk team in place, what should they do next?
Laura Pearson [00:03:12]
One of the first steps is conducting a comprehensive risk assessment at both the management and board levels. From there, the organization should define its risk appetite and establish guardrails accordingly.
These steps shape the company’s broader approach, influencing strategy, investment decisions, and the allocation of resources to people, technology, and tools. Risk discussions should be ongoing, with adjustments made as conditions evolve.
Kirsten Vosen [00:03:47]
How can organizations test the effectiveness of their risk management approach?
Laura Pearson [00:03:50]
Tabletop exercises are an effective way to do this. These simulations prepare teams for potential security incidents by walking through realistic scenarios. They allow cross-functional leaders to practice their roles and responsibilities, identify gaps, and build “muscle memory” so the organization can respond more effectively and begin recovery quickly if an incident occurs.
Kirsten Vosen [00:04:23]
That’s all the time we have today. Thank you, Laura, for sharing your perspectives on risk and how family businesses can strengthen their risk intelligence.
Laura Pearson [00:04:33]
Thanks, Kirsten. It’s been great connecting with you throughout this series.
Kirsten Vosen [00:04:36]
And thank you for joining us for Family Business Focus — Risk. We hope you found this series informative and engaging, and that these insights will help you navigate and thrive in your family enterprise.